gandcrab | d67f6998b89c1fdd30280ce56c82646165010e01e7fd8b873a091ea9612c08ac | Triage

Sharing

General

Target

2025-01-28_2c95a8bc277daef6a30233559f83079e_gandcrab
Size

70KB
Sample

250128-an42tazrfz
MD5

2c95a8bc277daef6a30233559f83079e
SHA1

33e690b536b3e64f08a74f9319eabf4764a9d16b
SHA256

d67f6998b89c1fdd30280ce56c82646165010e01e7fd8b873a091ea9612c08ac
SHA512

5489e5834bcc86fe834f99dfe0a4ebd63edc61d3ea0e9c6c49f036ceb144c86a232a31d84c07e330b01b6c674fbbfc2ccc5d53ee472761f813e07ee50f4c64ff
SSDEEP

1536:rZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZM:qd5BJHMqqDL2/Ovvdr+

Score

10^/10

gandcrab discovery persistence

Malware Config

Targets

- Target
  
  2025-01-28_2c95a8bc277daef6a30233559f83079e_gandcrab
- Size
  
  70KB
- MD5
  
  2c95a8bc277daef6a30233559f83079e
- SHA1
  
  33e690b536b3e64f08a74f9319eabf4764a9d16b
- SHA256
  
  d67f6998b89c1fdd30280ce56c82646165010e01e7fd8b873a091ea9612c08ac
- SHA512
  
  5489e5834bcc86fe834f99dfe0a4ebd63edc61d3ea0e9c6c49f036ceb144c86a232a31d84c07e330b01b6c674fbbfc2ccc5d53ee472761f813e07ee50f4c64ff
- SSDEEP
  
  1536:rZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZM:qd5BJHMqqDL2/Ovvdr+
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence